MosaicRegressor: ‘Chinese’ UEFI Bootkit Snoops on North Korean Foes

Researchers say they’ve found the second known example of UEFI malware. They’re calling it MosaicRegressor.
The post MosaicRegressor: ‘Chinese’ UEFI Bootkit Snoops on North Korean Foes appeared first on Security Boulevard.

Oh, what a boot-iful mornin’

In mid-April, our threat monitoring systems detected malicious files being distributed under the name “on the new initiative of the World Bank in connection with the coronavirus pandemic” (in Russian) with the extension EXE or RAR. Inside the files was the well-known Rovnix bootkit.

Flaw Affecting Millions of Cisco Devices Let Attackers Implant Persistent Backdoor

Researchers have discovered a severe vulnerability in Cisco products that could allow attackers to implant a persistent backdoor on a wide range of devices used in enterprise and government networks, including routers, switches, and firewalls.

Dubbed Thrang…

Fileless Threat CactusTorch Abuses .NET to Infect Systems

Over the past several months, security researchers have observed increased activity from a malware threat called CactusTorch that uses fileless techniques and reputable Windows executables to avoid detection. The malware program loads shellcode directl…

‘Hidden Bee’ miner delivered via improved drive-by download toolkit

Threat actors switch to the Hidden Bee miner as a payload for this unusual and complex drive-by download campaign.
Categories: Exploits, Threat analysis

Tags: bootkit, cryptominer, drive-by attack, exploit, hidden bee, hidden bee miner, MBR


Oops! Microsoft Accidentally Leaks Backdoor Keys to Bypass UEFI Secure Boot

It’s True — There is no such backdoor that only its creator can access.

Microsoft has accidentally leaked the secret keys that allow hackers to unlock devices protected by the UEFI (Unified Extensible Firmware Interface) Secure Boot feature.

What’s even worse?

It will be impossible for Microsoft to undo its leak.
Secure Boot is a security feature that protects your device from


What is Strictly Enforced Verified Boot in Android 7.0 Nougat?

As far as security is concerned, Google is going very strict with the newest version of its mobile operating system.

Until now, Google has not done more than just alert you to potential threats when your Android device runs the check as part of…